Q: Why is it Kerberos Principal and not Kerberos Principle?


When used as a noun the word principal refers to the primary person in a group of people. For example, the principal of a school is arguably the most important person there. Principal can also refer to the primary thing of importance in a related set of things. For example, the principal of my loan, plus the interest, adds up to the total I owe. On the other hand the word principle, also a noun, refers to a foundational law or doctrine.

This can get complicated when the word principal is used as as an adjective, where it means the most important whatever the noun is. So you could correctly say "this is the principal principle" if you wanted to really confuse people, but the other way around does not work.

In Kerberos, principal refers to the person (actually the thing representing the person). A Kerberos principal is the unique and complete identifier of a person, usually consisting of a name, such as othomas; a domain, such as ATHENA.MIT.EDU; and optionally an instance, such as root. The term Kerberos principle, on the other hand, is not commonly used at all. But if it were used it could correctly refer to something such as one of the fundamental rules or doctrines of Kerberos as a technology and concept.

Some examples

  • othomas@ATHENA.MIT.EDU is my Kerberos principal
  • "Not sending a password over the network during authentication" is a Kerberos principle

Last Modified:

February 03, 2009

